I National Reverse Mortgage Lenders Association (NRMLA) said this week it has sent comments to the US Department of Housing and Urban Development (HUD) requests that the agency, at a minimum, align its cybersecurity reporting requirements with those Ginnie Mae. Ideally, however, it wants an even longer extension.
The Draft Mortgage Letter (ML) was posted on September 30 and appears on the Single-Family Construction Table, an online portal for HUD’s proposed but not yet implemented policy. ML provides updated requirements for when Federal Housing Administration (FHA)-accredited lenders must notify HUD “when an online reportable incident occurs” within 36 hours of initial discovery.
The document “provides a clear definition of what constitutes a cyber incident and requires FHA-accredited lenders to notify HUD as soon as possible — but no later than 36 hours — after discovering that a reported cyber incident has occurred,” according to a draft statement published in September . “These updated reporting requirements are consistent with FHA and existing standards established by federal banking associations.”
But NRMLA said in a letter sent to the Drafting Board that it would be a better option to stick with similar policies announced by Ginnie Mae earlier this year. The state-owned company issued an All-Participant Memorandum (APM) in March instead giving issuers a 48-hour timetable to notify the company of relevant information related to alleged violations.
The trade association announced the move in an email update to its membership. In consultation with HUD’s NRMLA issues and assistance committees, the ideal situation would be to be more consistent with the proposed timeline. Office of the National Cyber Administratorinternal division The White Housesaid the NRMLA.
HUD’s proposed guidance itself would be an extension. ML 2024-10, issued in May, shortened the requirement to just 12 hours. But the NRMLA argues that the 72-hour extension would work to “harmonize” requirements across multiple government agencies.
Businesses around the world have become increasingly vulnerable to the actions of bad actors who want to compromise computer systems and steal data or hold systems in exchange for payment through “ransomware.” Such attacks compromise the information security systems of companies everywhere, and can expose consumers’ personal and financial information.
In August, i Federal Housing Finance Agency (FHFA) The Office of the Inspector General issued a report stating that the agency is at risk of fraud. I The FBI It was reported earlier this year that cybercrime could cost a record $12.8 billion by 2023. A mortgage lender loanDepot was hit hard by a cyberattack in January, and the company said the event impacted its performance in the first quarter of 2024.
Some businesses that have recently been hit by cyber attacks include Mr Cooper Group, First American again Fidelity National Financialthe parent of the function LoanCare. Each of these incidents has caused companies to temporarily shut down certain systems to contain attacks that reveal customer information. The rapid frequency of cybercrime has many companies on edge.
Related
Source link
